v0.9.2 switched to correct version of encrypted database
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "jama-backend",
|
||||
"version": "0.9.1",
|
||||
"version": "0.9.2",
|
||||
"description": "TeamChat backend server",
|
||||
"main": "src/index.js",
|
||||
"scripts": {
|
||||
@@ -19,7 +19,7 @@
|
||||
"sharp": "^0.33.2",
|
||||
"socket.io": "^4.6.1",
|
||||
"web-push": "^3.6.7",
|
||||
"better-sqlite3-sqlcipher": "^9.4.3"
|
||||
"better-sqlite3-multiple-ciphers": "^12.6.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
"nodemon": "^3.0.2"
|
||||
|
||||
@@ -74,7 +74,7 @@ if (header.toString('ascii') !== MAGIC) {
|
||||
|
||||
let Database;
|
||||
try {
|
||||
Database = require('better-sqlite3-sqlcipher');
|
||||
Database = require('better-sqlite3-multiple-ciphers');
|
||||
} catch (e) {
|
||||
console.error('ERROR: better-sqlite3-sqlcipher is not installed.');
|
||||
console.error('Run: npm install better-sqlite3-sqlcipher');
|
||||
@@ -95,20 +95,20 @@ try {
|
||||
console.log('Step 1/4 Opening plain database...');
|
||||
const plain = new Database(DB_PATH);
|
||||
|
||||
// Create the encrypted copy using SQLCipher ATTACH + sqlcipher_export
|
||||
// Create encrypted copy using sqlcipher_export via ATTACH
|
||||
console.log('Step 2/4 Encrypting to temporary file...');
|
||||
const safeKey = DB_KEY.replace(/'/g, "''");
|
||||
plain.exec(`
|
||||
ATTACH DATABASE '${encPath}' AS encrypted KEY '${safeKey}';
|
||||
SELECT sqlcipher_export('encrypted');
|
||||
DETACH DATABASE encrypted;
|
||||
`);
|
||||
plain.exec(`ATTACH DATABASE '${encPath}' AS encrypted KEY '${safeKey}'`);
|
||||
plain.exec(`SELECT sqlcipher_export('encrypted')`);
|
||||
plain.exec(`DETACH DATABASE encrypted`);
|
||||
plain.close();
|
||||
|
||||
// Verify the encrypted file opens correctly
|
||||
// Verify the encrypted file opens correctly with cipher settings
|
||||
console.log('Step 3/4 Verifying encrypted database...');
|
||||
const enc = new Database(encPath);
|
||||
enc.pragma(`key = '${safeKey}'`);
|
||||
enc.pragma(`cipher='sqlcipher'`);
|
||||
enc.pragma(`legacy=4`);
|
||||
enc.pragma(`key='${safeKey}'`);
|
||||
const count = enc.prepare("SELECT COUNT(*) as n FROM sqlite_master").get();
|
||||
enc.close();
|
||||
console.log(` OK — ${count.n} objects found in encrypted DB`);
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
const Database = require('better-sqlite3-sqlcipher');
|
||||
const Database = require('better-sqlite3-multiple-ciphers');
|
||||
const path = require('path');
|
||||
const fs = require('fs');
|
||||
const bcrypt = require('bcryptjs');
|
||||
@@ -18,9 +18,13 @@ function getDb() {
|
||||
}
|
||||
db = new Database(DB_PATH);
|
||||
if (DB_KEY) {
|
||||
// Apply encryption key — must be the very first pragma before any other DB access
|
||||
db.pragma(`key = '${DB_KEY.replace(/'/g, "''")}'`);
|
||||
console.log('[DB] Encryption key applied');
|
||||
// Use SQLCipher4 AES-256-CBC — compatible with standard sqlcipher CLI and DB Browser
|
||||
// Must be applied before any other DB access
|
||||
const safeKey = DB_KEY.replace(/'/g, "''");
|
||||
db.pragma(`cipher='sqlcipher'`);
|
||||
db.pragma(`legacy=4`);
|
||||
db.pragma(`key='${safeKey}'`);
|
||||
console.log('[DB] Encryption key applied (SQLCipher4)');
|
||||
} else {
|
||||
console.warn('[DB] WARNING: DB_KEY not set — database is unencrypted');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user